DoS stands for Denial of Service and normally refers to individual IT infrastructure components being completely overwhelmed. If this is the result of malicious behaviour, it’s a DoS attack. Such an attack is carried out by flooding the target system with a huge number of requests to cause a crash meaning the website, online shop or digital services are unavailable for legitimate requests.
DDoS attack definition.
DDoS attacks are even more effective. The first ‘D’ stands for ‘distributed’ and defines an attack that originates from many different sources. Cybercriminals exploit a number of compromised computers, servers or infected IoT end devices to launch their attacks with the compromised devices being known as ‘bots’ (or ‘zombies’), and a group of bots as a ‘botnet’. In most cases, those using these devices have no idea that they have been infected as they carry on working as normal. They are, however, being controlled by a third party. As soon as the attackers have set up a botnet, they can send each individual bot instructions and thus control them from several systems to generate a huge volume of requests to overload the infrastructure or server.
High time, then, to take a critical look at DDoS to protect your company from attacks. We’ve summarised the most important questions and answers on the topic for you here.
What are attackers aiming to achieve?
A website being taken offline as a result of a DDoS attacks seems relatively harmless, but what people don’t take into account are the knock-on effects, that go far beyond the disabling a website, online shop or application.
- Loss of reputation – Businesses and organisations that are impacted by a hack have to deal with the far-reaching impact on their reputations. It could be that customers, partners and investors try to distance themselves from the affected company and it can take quite a while to win back trust.
- Financial losses – If the online shop or website goes offline, the company can quickly start to lose money as orders and requests can’t be processed. In the worst case scenario, customers can be tempted away by competitors. Moreover, getting back on your feet after such an attack quickly racks up costs meaning the effects can be felt long after the website or shop is back online.
- Data loss – More often than not, hackers combine DDoS with other types of cyberattack. The DDoS attack is used as a distraction tactic, so while the IT are focused on that, the attackers can infiltrate the IT infrastructure with malware and steal sensitive data.
Larger institutions, businesses and political institutes are the most common targets of DDoS attacks as hackers attempt to steal data, damage the company’s reputation or blackmail the victims into paying a ransom in a cryptocurrency such as Bitcoin. DDoS can also be politically motivated.
How should you respond in the face of an attack?
When it comes to a DDoS attack, you have to act fast. The Federal Office for Information Security (BSI) has, therefore, put together a checklist for affected businesses and organisations recommending the following steps:
- Set up a crisis team consisting of IT employees and security officers plus those in public relations. to implement and coordinate measures.
- Report the incident in accordance with your corporate escalation guidelines to management
- Include your internet service provider (ISP) or hosting provider.
- Press charges with your local police and inform a lawyer and/or your legal department.
- Public relations and corporate communications – Prepare some information on the incident so that you are ready to respond to enquiries about the incident.
- Report what’s happened to the BSI so that the authorities can analyse the current threat situation in Germany.
Compile an emergency plan, which is always to hand as and when you need it. It’s essential that all parties know how to react and who the in-house and external contacts are should the worst come to worst, and so it’s worth carrying out drills.
Data protection – More than just the GDPR.
How can an attack be prevented?
A modern security concept should be the bedrock. The first step is to analyse the status quo and look for any potential vulnerabilities to form the foundation for a well-thought through, intelligent security concept. If you want to be able to identify a DDoS attack, you need to know a little about your network’s normal traffic so that anomalies stand out. This is where modern technologies and tools come in. Other security measures include hardening you systems, installing next-gen firewalls, geo-blocking and modern SIEM (Security Information and Event Management). The goal is to implement a holistic security concept tailored to you and your company’s needs and to the external partners to hand who can help in emergencies.
One thing is certain, the vast majority of businesses do not have the resources or the expertise to fully dedicate to the topic of IT security, which is why it’s worth working with an external partner to help you effectively defend your company against DDoS attacks.